|
|
|
|
|
|
by lucb1e
1268 days ago
|
|
|
> most of the discussion about passwords completely miss the point. [...] any password under around 50 characters is as good as "dog" I think you've completely missed the point. After how long do you start to get annoyed when logging in? Most people probably at 2-5 seconds, but let's say ten full seconds of waiting for the computer to do the hashing. A word like dog is among the top few thousand words, let's say ten thousand, so after 10k×10s/(3600 seconds per hour) = ~28 hours your password is cracked on a single cpu. Probably more like 28 minutes on a couple GPUs, and this is using a complexity setting that literally nobody is going to use (I bet even the NSA isn't paranoid enough to wait 10 seconds for every login). Now compare that to "any other password under around 50 characters". If you want to use a passphrase, pick random words (at least five when using complex words; the number depends on your dictionary size). Not a single word that is also very common. That completely misses the point. This strategy would work if literally everyone uses a random words generator and yours, against all odds, comes up with a single common word. Then attackers would have no reason to crack in order of commonness and start with a single word. But that is not the reality we live in and attackers do start with simple passwords before complex ones. (Source: one of the things we do at work is crack passwords, most commonly when we get our hands on Windows password hashes.) |
|
|
if its that "dog" is a weak password, i thought that was evident. but many people seem confused that "horseloverwhatever" is more secure, similarly that "dog23!Wog" is more secure. my point is they are equally trash so leave the user alone